Your Brain Is Bad at Security

OAKLAND–Security teams are frustrated constantly by users who ignore warnings about phishing sites, bad certificates, or malware, and just click through to get wherever they were going. It turns out that behavior probably isn’t the users’ fault. It’s just human nature. There are many reasons why this behavior persists, even when users are told in no uncertain […]

Inside the Fight Against Bulletproof Hosting Providers

OAKLAND–For years, bulletproof hosting providers have been the bane of the Internet. They serve as havens for malware, cybercrime operations, and child exploitation rings, while dodging law enforcement by moving their operations early and often. But security researchers and cybercrime investigators are beginning to make some headway in the fight against these operators, through cooperation […]

‘We Need to Embrace the Mundane’ in Security

OAKLAND–The security industry as a whole is really good at identifying interesting new problems and coming up with fancy products to solve them. But there is still a long list of boring, known problems that no one has fixed yet, and those are the ones that need the most attention, experts say. One of those boring problems […]

Google Wants to Encrypt the Web. Now.

OAKLAND–The security engineers at Google have spent years working on improving the security and reliability of Chrome, and it’s had a remarkable effect. They’re not satisfied with just raising the security bar for one browser, though, and now are pushing the rest of the industry and the web community at large to get with the program. […]

Facebook Unveils Delegated Recovery Account Security System

OAKLAND–Facebook has developed a new account-recovery system that eschews the typical communications channels used for this process, and instead relies on a user’s connections with other services. The scheme allows users to regain access to accounts without providing any identifiable information to other services. The Delegated Recovery system, which Facebook introduced at the Enigma conference here […]

Dridex Trojan Using New Method to Bypass Windows UAC

Researchers have found a new version of the old Dridex banking Trojan that is being used in a fresh campaign in the U.K. and employs a novel technique to bypass one of the key security safeguards in Windows. Dridex has been around for nearly three years and is descended from the GameOver Zeus Trojan, one […]

Chrome 56 Debuts With Insecure Page Warnings

Google has released a major update to its Chrome browser, which includes fixes for 51 vulnerabilities and marks the end of Flash and the beginning of warnings about pages that send sensitive information over plaintext connections. Chrome 56 has a number of security-related upgrades, aside from the patches. The biggest change is that the […]

Executive Order Excludes Non-US Persons From Privacy Act Protections

Buried deep within the executive order on immigration policy that President Trump issued Wednesday is a section that significantly alters the way that the Privacy Act will be applied going forward. A small section of the executive order, which mostly focuses on changes to immigration policy and enforcement, lays out a change that will force […]

Lawmakers Push Bill to Study Vehicle Software Security

A new bill introduced in the House of Representatives Tuesday would force the federal government to perform a long-term study of the security and privacy controls of the software running in vehicles, including their navigation, entertainment and other systems. The bill is sponsored by Rep. Ted Lieu (D-Calif.) and Rep. Joe Wilson (R-S.C.), and it’s another […]